Microsoft details a new ClickFix variant abusing DNS nslookup commands to stage malware, enabling stealthy payload delivery ...

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.

How modern infostealers target macOS systems, leverage Python‑based stealers, and abuse trusted platforms and utilities to ...

This process is called a clean install, which is ironic as there's nothing particularly clean about it: Microsoft has enshittified Windows Setup.

A new malicious campaign mixes the ClickFix method with fake CAPTCHA and a signed Microsoft Application Virtualization (App-V) script to ultimately deliver the Amatera infostealing malware. The ...

It's free and open-source.

Microsoft will remove the -Credential parameter from Exchange Online PowerShell by June 2026, forcing admins to adopt MFA.

Let's examine the challenges of running Windows-dependent PowerShell scripts from Linux and compares three practical approaches -- dual booting, WinBoat and Windows Server RemoteApp -- to maintaining ...

Today is Microsoft' 2026 Patch Tuesday with security updates for 58 flaws, including 6 actively exploited and three publicly disclosed zero-day vulnerabilities.

DEAD#VAX campaign delivers AsyncRAT via IPFS-hosted VHD phishing files, using fileless memory injection and obfuscated ...

Also today, SAP released 27 new and updated security notes, including two that address critical-severity vulnerabilities. Jonathan Stross, SAP security analyst at Pathway, drew attention to a code ...

Microsoft’s January 2026 update puts Excel back in the spotlight. After a brief pause late last year, the company has resumed its monthly feature recap, and thi ...